[Emerging-updates] Daily Ruleset Update Summary 2019/11/22

James Emery-Callcott jcallcott at emergingthreats.net
Fri Nov 22 14:27:52 HST 2019


[***]            Summary:            [***]

  24 new Pro (0 + 24).  Gh0stCringe, Remcos, Various Android, Various Phish.

  Suricata 5.0 Support blog:
https://www.proofpoint.com/us/corporate-blog/post/emerging-threats-announcing-support-suricata-50
  Suricata 2/3 EOL information:
https://lists.emergingthreats.net/pipermail/emerging-updates/2019-October/004655.html

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Pro:

  2839572 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MobOk.pac Checkin (mobile_malware.rules)
  2839573 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.MobOk.pac CnC Beacon (mobile_malware.rules)
  2839574 - ETPRO MOBILE_MALWARE Andr/PornClk-AR Checkin (mobile_malware.rules)
  2839575 - ETPRO MOBILE_MALWARE AndroidOS.Bookoloid Geo Location/Device Info Exfil (mobile_malware.rules)
  2839576 - ETPRO MOBILE_MALWARE Riskware.AndroidOS.Hamiraca Device/Debug Info Exfil (mobile_malware.rules)
  2839577 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Guerrila.j Checkin (mobile_malware.rules)
  2839578 - ETPRO POLICY Observed Suspicious SystemCheats User-Agent (policy.rules)
  2839579 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
  2839580 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
  2839581 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2839582 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-21 1) (trojan.rules)
  2839583 - ETPRO CURRENT_EVENTS Successful GMX Phish 2019-11-22 (current_events.rules)
  2839584 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-22 (current_events.rules)
  2839585 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-22 (current_events.rules)
  2839586 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-11-22 (current_events.rules)
  2839587 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-11-22 (current_events.rules)
  2839588 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-11-22 (current_events.rules)
  2839589 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-11-22 (current_events.rules)
  2839590 - ETPRO CURRENT_EVENTS Successful Rabobank Phish 2019-11-22 (current_events.rules)
  2839591 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-11-22 (current_events.rules)
  2839592 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-11-22 (current_events.rules)
  2839593 - ETPRO TROJAN Gh0stCringe CnC Activity M6 (trojan.rules)
  2839594 - ETPRO TROJAN Win32/Remcos RAT Checkin 257 (trojan.rules)
  2839595 - ETPRO TROJAN Win32/Remcos RAT Checkin 258 (trojan.rules)

[///]     Modified active rules:     [///]

  2834242 - ETPRO MOBILE_MALWARE Android.Trojan.FakeApp.EV Checkin (mobile_malware.rules)
  2835818 - ETPRO TROJAN MSIL.FolderLock Stealer Password Exfil via SMTP M1 (trojan.rules)
  2836296 - ETPRO TROJAN MSIL.FolderLock Stealer Password Exfil via SMTP M2 (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team